All releases of Apache

Release Notes: New features include loadable MPMs, major improvements to OCSP support, mod_lua, dynamic reverse proxy configuration, improved authentication/authorization, FastCGI proxy, a new expression parser, and a small object caching API.

Release Notes: This major release features loadable MPMs, major improvements to OCSP support, mod_lua, dynamic reverse proxy configuration, improved authentication/authorization, a FastCGI proxy, a new expression parser, and a small object caching API.

Release Notes: This release was updated to reflect the OpenSSL project's release 0.9.8m of the openssl library, and addresses the TLS renegotiation prefix injection attack.
This release further addresses security issues within mod_proxy_ajp, mod_isapi, and mod_headers
respectively.

Release Notes: This release is intended as the final release of version 1.3 of the Apache HTTP Server, which has reached end-of-life status. It fixes a security issue in mod_proxy in order to prevent chunk-size integer overflows on platforms where sizeof(int) < sizeof(long).

Release Notes: This version of Apache is principally a security and bugfix release. Notably, it bundles the APR Library version 1.3.8 and APR Utility Library version 1.3.9, which address a security concern that may be triggered by some third party modules.

Release Notes: When the ap_http_header_filter processes an error bucket, The passed brigade is cleaned up before returning AP_FILTER_ERROR down the filter chain. Error responses set by filters were being coerced into 500 errors, sometimes appended to the original error response. A configuration option to insert strings in HTML HEAD has beena dded. A new LogFormat parameter, %k, logs the number of keepalive requests on this connection for this request.

Release Notes: mod_proxy_http has been changed to better handle excessive interim responses from the origin server to prevent potential denial of service and high memory usage. mod_proxy_balancer has been changed to prevent CSRF attacks against the balancer-manager interface.

Release Notes: A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack was possible. A flaw was found in the mod_imap module. On sites where mod_imap is enabled and an imagemap file is publicly available, a cross-site scripting attack was possible.